As I mentioned in my last post, I was in the middle of completing a series of YouTube videos on Assembly Primer for Hackers. I am proud to say I finally finished the video series, and I would encourage anyone trying to learn Assembly to watch it. The eleven videos that I went through broke down how Assembly programs work and how information is pushed into registers and different memory locations. The instructor provided us with code to use and was extremely thorough in his explanation of the different concepts. I learned how to move things in and out of registers and how to verify and debug programs using GDB.
The greatest moment occurred near the end of the video series. The last two programs, which went over functions and function stacks, gave me issues, as the programs that he wrote were for 32-bit architecture and I was running GDB on a 64-bit architecture. I spent a good portion of yesterday on video 10 trying to get certain push and pop instructions to work. The program called for "pushl" and "popl", which are the instructions used to push and pop in a 32-bit architecture. After banging my head against the wall for a bit and a lot of Googling I still could not get it, but thankfully the first comment told me how to change the push and pop instructions as well as the registers: for example, %eax becomes %rax on a 64-bit system, "pushl" becomes "pushq" and "popl" becomes "popq".
The last video, which had to do with function stacks, gave me a little bit more trouble, but not as bad as video 10. When I got the program I saw the same push and pop instructions I saw in video 10. Since I already knew how to fix those, I did those first. I was able to compile and link, but when I ran it the program threw an error. Eventually, after much back and forth, I rewrote all the instructions for the 64-bit architecture and was able to compile, link and run the program. The only problem was that it was just exiting and not writing HelloWorld. I tried running it in GDB to see if it would shed any light, but I could not figure it out on my own. As I watched the rest of the video I saw my issue, as the instructor explained how and where things were being placed on the stack. Since he was basing his program and video on 32-bit, each stack slot was 4 bytes instead of the 8 bytes of the 64-bit architecture. After doing some math and mapping out the address space, I was able to successfully edit the program to look at the right memory location to pull HelloWorld and print it on the screen. After recompiling the program and running it, HelloWorld appeared and it was a joyous moment. I was able to understand what was going on and how to read the stack properly to adjust my program from 32-bit to 64-bit.
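As an added illustration (my own example, not the instructor's program from the video), here is a minimal 64-bit AT&T-syntax version of the pattern the last video describes: the caller pushes the string address and length, and the function sets up a frame pointer and reads the arguments back from the stack. The label names, the syscall choices and the comment about the 32-bit offsets are my own; the important part is that every stack slot is 8 bytes, so the offsets that were 8(%ebp) and 12(%ebp) in the 32-bit original become 16(%rbp) and 24(%rbp). Build with `as -o hello.o hello.s && ld -o hello hello.o` on an x86-64 Linux box.

```asm
# hello.s: 64-bit function-stack example (added example, not the course's code)
.section .data
msg:
    .ascii "HelloWorld\n"
    msglen = . - msg            # length of the string above

.section .text
.globl _start
_start:
    pushq $msglen               # 2nd argument: length (8-byte slot)
    leaq  msg(%rip), %rax
    pushq %rax                  # 1st argument: pointer to msg (8-byte slot)
    call  print_msg             # call pushes an 8-byte return address
    addq  $16, %rsp             # caller removes the two 8-byte arguments

    movq  $60, %rax             # exit(0): syscall 60 on x86-64 Linux
    xorq  %rdi, %rdi
    syscall

print_msg:
    pushq %rbp                  # save caller's frame pointer (8 bytes)
    movq  %rsp, %rbp
    # Frame now looks like this, all slots 8 bytes wide:
    #   0(%rbp)  saved %rbp
    #   8(%rbp)  return address
    #  16(%rbp)  pointer to msg      (was  8(%ebp) in 32-bit)
    #  24(%rbp)  length of msg       (was 12(%ebp) in 32-bit)
    movq  16(%rbp), %rsi        # buffer to write
    movq  24(%rbp), %rdx        # number of bytes
    movq  $1, %rax              # write: syscall 1 on x86-64 Linux
    movq  $1, %rdi              # file descriptor 1 = stdout
    syscall
    popq  %rbp                  # restore caller's frame pointer
    ret
```

If you step through this in GDB with `x/4gx $rbp` right after `movq %rsp, %rbp`, you see the four 8-byte slots in the order listed in the comments, which is exactly the mapping exercise the post describes; using `x/4wx` (4-byte words) instead is what makes the 32-bit offsets look right and the 64-bit ones look wrong.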
The next series I am going to be watching is on exploit research and given how well the Assembly Primer series went I cannot wait to tackle this one. Until next time.
Assembly Primer for Hackers
Saturday, December 14, 2019
Monday, December 9, 2019
Metasploit, BURP, Assembly and MORE LINUX
It has been a while since I last posted. I hope everyone had a Happy Thanksgiving and is getting into the holiday spirit. Aside from stuffing my face with food, I also have been continuing the lessons that have been laid out for me to become a better security professional and prepare myself to take the OSCP. After my introduction to Linux I continued learning more Linux commands, such as how to compare files using "diff" and how to change passwords for a specific user. It was eye-opening to learn about the diff command, as in the past I have usually copied the files to Notepad and used Notepad++ to compare them. The training covered everything from extracting and compressing gzip files, setting up SSH, partitioning with GParted and shell scripting to processes, jobs and killing processes.
The next lesson was learning how to use Metasploit. I have always known that Metasploit was a powerful tool and I had always wanted to learn how to use it. The YouTube videos covered using tools and exploits such as SSH scanner and FTP Login to creating and using payloads and backdoors. It helped that Metasploit gives you a vulnerable box to test with and I cannot wait to crack open my Metasploit book once I am finished with my lessons.
BURP Suite was up next. BURP is a suite of tools used to detect vulnerabilities in web applications. Unfortunately I could only use the community edition, which didn't allow me to try the full suite of tools it has. I am hoping that once I add it to my tools at my company I can go back and practice the things I could not do. The one thing I would ask the company that manages BURP is that if I am using the community edition I should be able to modify the settings for the tools that I do have access to.
Currently I am working on the basics of exploit development. I am watching a series of videos on Assembly for Hackers. This is my first dive into Assembly and it is a lot to take in and remember, from understanding the memory space your application runs in to writing an assembly program and the various sections of initialized and uninitialized data and the registers. It is a lengthy video series in terms of minutes per video, but it is a lot of information. I am excited to see how the rest of the videos are and then begin the video series on exploit research.
Well that is it for now. I hope to post more frequently and include articles and stories on top of the things I am learning.